Open Install

Category: Adware and PUAs
Protection available since: 13 Feb 2012 02:10:31 (GMT)
Type: Unspecified PUA
Last Updated: 21 Dec 2013 18:59:21 (GMT)

Open Install is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of Open Install include:

Example 1

File Information

Size: 237K
SHA-1: 00223231f4cf8081595b4ef81b134e924d7457c5
MD5: 1810e02b25a63dd612538c1a17de4dee
CRC-32: fa331b3c
File type: Windows executable
First seen: 2012-06-21

Runtime Analysis

Dropped Files
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012062220120623
    CacheRepair
    0x00000000
HTTP Requests
DNS Requests

Example 2

File Information

Size: 416K
SHA-1: 0024f74adbaa316bbedd5316e3c75ceec68b06ec
MD5: 9fd9c67021333bb329691f8905950355
CRC-32: e3c3f0e9
File type: Windows executable
First seen: 2013-07-09

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\oi_zzYxdygJvQ\OIAssistWTD.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\OIC2.tmp
Registry Keys Created
  • HKCR\CLSID\{9E78B5FD-E5B4-B9D5-F859-A59DF4E08EEC}
    data
    ef2792801bd245a895268eac6aa11caa
DNS Requests
  • config.inst.avg.com
  • st.cloins.com

Example 3

File Information

Size: 383K
SHA-1: 004c95514616952a724d731410c189b5d18ab21b
MD5: 7266cdb5d2c7e4cef8188b925927ba4e
CRC-32: 4801d8c9
File type: Windows executable
First seen: 2013-03-26

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\oi_zUa9NnmWX5\OIAssistWTD.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\OIC2.tmp
    Size: 872K
    SHA-1: f269d1f1b2d276f4ec5beb05c864e01ab34e487a
    MD5: 234dd74027d2ba23ef7b4942699a2e3e
    CRC-32: 10b5b3df
    File type: Windows executable
    First seen: 2013-02-23
Registry Keys Created
  • HKCR\CLSID\{9E78B5FD-E5B4-B9D5-F859-A59DF4E08EEC}
    data
    385eaf1228b0424b8ef494374ce6bbd3
DNS Requests
  • inst.avg.com
  • st.cloins.com
